I’m excited to announce that AWS Security AWS and AWS DevOps Agent penetration tests are now generally available, representing a new class of AI capabilities we announced at say:Invent called frontier agents. These autonomous systems work autonomously to achieve goals, grow exponentially to perform the same tasks, and operate for hours or days without constant human supervision. Together, these agents are changing the way we protect and use software. Predictably, customers and partners report that AWS Security Agent compresses penetration testing times from weeks to hours, and AWS DevOps Agent supports 3-5x faster incident resolution.
What makes border agents different?
Unlike traditional AI assistants who assist with individual tasks, border agents act as extensions of your team, providing comprehensive results. They don’t just answer questions – they work independently to solve complex problems, make multi-step decisions, and keep working until they achieve their goals. These are not tools that require permanent guidance. They are intelligent systems that understand situations, reason about problems, and take action—changing the way organizations approach application security and operational excellence.
AWS Security Agent: Reduce penetration tests from weeks to hours
AWS Security Agent turns penetration testing from a periodic bottleneck into an on-demand capability. Many organizations limit manual penetration testing to their most critical processes due to time and cost constraints, which can leave much of their portfolio exposed between tests. AWS Security Agent changes this by providing automated penetration testing that runs 24/7 at a fraction of the cost, enabling you to test all of your applications whenever you need to.
The AWS Security Agent acts as a human penetration tester—it identifies potential vulnerabilities, attempts to exploit them with targeted payloads and attack chains, and confirms that they are legitimate security risks. By uploading your source code, architecture and documentation, it understands how your application is designed and built to identify human vulnerabilities and the most powerful attack chains that traditional scanners miss. Bamboo Health said, “The AWS Security Agent has produced results that no other tool has detected.” HENNGE KK shared that “this allows us to rapidly accelerate our security lifecycle, reducing the average testing time by more than 90%.” Consumers disclose security risks while significantly reducing testing time.
“I’m excited about how a border agent like AWS Security Agent transforms a critical task for our customers. They can reduce penetration test time from weeks to hours, while revealing critical vulnerabilities that traditional scanners miss” said Amy Herzog, Vice President and CISO, AWS. “We use Security Agent ourselves on AWS. This is a great example of AI becoming an independent partner to provide comprehensive, continuous security.”
Learn more in our announcement today.
AWS DevOps Agent: Automated process automation across multiple domains
AWS DevOps Agent is your always-on colleague who effectively resolves and prevents incidents, improves application reliability and performance, and handles demanding SRE tasks in AWS, multicloud, and on-premise environments. When incidents occur, it automatically investigates root causes by connecting telemetry, code, and deployment data across your entire stack – whether your applications are in AWS, Azure, hybrid, or on-prem. Works with your visualization tools (including CloudWatch, Datadog, Dynatrace, New Relic, Splunk, Grafana), runbooks, code repositories (GitHub, GitLab, Azure DevOps), and CI/CD pipelines like an experienced DevOps engineer would.
For operations teams, this means faster incident resolution and improved productivity. Customers and partners using AWS DevOps Agent in the first instance reported up to 75% lower MTTR, 80% faster investigations, and 94% root cause accuracy, supporting incident resolution 3–5x faster. The agent provides clear mitigation plans with agent-prepared explanations, learns from historical trends to provide targeted recommendations that enhance visibility and system stability, and builds a full understanding through automated process discovery and dynamic topology mapping across different operating levels. A DevOps agent automatically captures an event and redirects it back to the correct code or deployment change. Working together, with tools like Kiro and Claude Code, a DevOps Agent can generate proven fixes that can be reused in the system.
Western Governor’s University (WGU), a leading online university serving more than 191,000 students, was one of the first institutions to put Amazon DevOps Agent into production, doing so even before the announcement of the preview to say:Invent. During a recent production survey, WGU’s SRE team used DevOps Agent to analyze the level of service disruptions, reducing resolution time from an estimated two hours to just 28 minutes – a 77% improvement in MTTR. The agent quickly identified the root cause within the AWS Lambda function configuration, revealing valuable operational knowledge that was previously only available in undiscovered internal documents.
Learn more in our announcement today.
Why border agents are important
These agents exhibit three characteristics that define frontier agents: they work independently to achieve goals at multiple levels, they work intensively to handle single tasks across your entire portfolio, and they run for long hours or days to complete a complex task from start to finish.
This means helping security teams move from periodic testing of critical applications to continuous, comprehensive testing of everything. This means assisting operations teams from firefighting operations to effective system upgrades. Both agents expand what your team can achieve, tackling complex tasks that previously required valuable human time and expertise.
AWS Security Agent and AWS DevOps Agent are just the beginning. As we continue to develop border proxies and custom border proxies, we focus on making these systems robust, efficient, and reliable. These border agents represent a new way of working — where AI systems act as true extensions of your team, taking on specific tasks while you focus on what matters most.
To get started, visit AWS Security Agent and AWS DevOps Agent to learn more.
The limit of AI agents is there. Let’s build the future together.
About the author
Swami Sivasubramanian is Vice President of Agetic AI at Amazon Web Services (AWS). At AWS, Swami has led the development and growth of leading AI services such as Amazon DynamoDB, Amazon SageMaker, Amazon Bedrock, and Amazon Q. His team’s mission is to provide the scale, flexibility, and value that customers and partners need to improve using AI with confidence and build agents that are not only powerful and efficient, but also reliable and responsible. Swami also served from May 2022 to May 2025 as a member of the National Advisory Committee on Artificial Intelligence, which was tasked with advising the President of the United States and the Office of the National AI Initiative on topics related to the National AI Initiative.
#AWS #launches #border #agents #cloud #security #performance #testing #Amazon #Web #Services